CVE-2026-46724

Published: May 19, 2026

Modified: Jun 3, 2026

PUBLISHED

Description

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences.

Vendor	Product	Versions
TYPO3	Extension "Faceted Search"	affected `7.0.0 - < 7.0.1` affected `6.0.0 - < 6.6.1` affected `5.0.0 - < 5.6.2` affected `0 - < 4.6.7`

Weaknesses (CWE)

CWE-22

References

https://typo3.org/security/advisory/typo3-ext-sa-2026-011

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-46724

Description

Affected Products

Weaknesses (CWE)

References